<?php
include_once "class/hh.class.php";
$hh = new hh();
$control = $_GET["control"];
	
	switch($control){
		case "user_login" : 
			$user_login = $hh->user_login($hh->escape($_POST["adi"]),$hh->escape($_POST["parola"]));
			if($user_login){
				$hh->set_message("success","Kullanıcı girişi başarılı");
				$hh->go("back");
			}
			else{
				$hh->set_message("error","Yanlış kullanıcı adı veya parola");
				$hh->go("back");
			}
		
		break;
		
		case "logout" :
			$hh->user_logout();
			$hh->go("back");
		break;
		
		case "del_complaint" :
		if($hh->can_access("*")){
			$complaint = $hh->fetch_array($hh->db_get("author","complaints","id=".(int)$hh->escape($_GET["control2"])));
			if($_SESSION["current_user"]["authority"] == 1 || (int)$_SESSION["current_user"]["id"] == (int)$complaint["author"]){
				$hh->del_complaint($hh->escape($_GET["control2"]));
				$hh->set_message("success","Seçilen şikayet silindi");
				$hh->go("back");
			}
			
			else
				$hh->go("back");
		}
		break;
		
		case "giveup_watch" :
		if($hh->can_access("*")){
			$watchlist = $hh->fetch_array($hh->db_get("watchlist","complaints","id=".(int)$hh->escape($_GET["control2"])));
			$watchlist = str_replace("-".$_SESSION['current_user']['id']."-", "-", $watchlist["watchlist"]);
			$hh->db_update("complaints", "watchlist='$watchlist'", "id=".(int)$hh->escape($_GET["control2"]));
			$hh->set_message("success","Seçilen şikayet izleme listesinden çıkarıldı");
			$hh->go("back");
			
		}
		break;
		
		case "settings" :
		if($hh->can_access("*")){
			if(empty($_POST["pass"]) || $_POST["pass"] == ""){
				$hh->set_message("error","Ayarları kaydetmek için parolanızı girmelisiniz");
				$hh->go("back");
			}
			elseif(md5($_POST["pass"]) != $_SESSION["current_user"]["password"]){
				$hh->set_message("error","Parolanızı yanlış girdiniz");
				$hh->go("back");
			}
			elseif($_POST["new_pass"] != $_POST["new_pass_t"]){
				$hh->set_message("error","Yeni parola ve tekrarı uyuşmuyor");
				$hh->go("back");	
			}
			else{
				if(!empty($_POST["new_pass"])){
					$hh->db_update("users", "password=MD5('".$_POST['new_pass']."'), name='".$_POST['name']."', email='".$_POST['email']."'", "id=".(int)$_SESSION["current_user"]["id"]);
					$username = $_SESSION["current_user"]["username"];
					$hh->user_logout();
					$hh->user_login($username,$_POST["new_pass"]);
					$hh->set_message("success","Ayarlarınız kaydedildi");
					$hh->go("back");
				}
				else{
					$hh->db_update("users", "name='".$_POST['name']."', email='".$_POST['email']."'", "id=".(int)$_SESSION["current_user"]["id"]);
					$username = $_SESSION["current_user"]["username"];
					$hh->user_logout();
					$hh->user_login($username,$_POST["pass"]);
					$hh->set_message("success","Ayarlarınız kaydedildi");
					$hh->go("back");
				}
			}
		}
		break;
		
		case "del_category" :
		if($hh->can_access(1)){
			$del_complaints = (int)$hh->escape($_GET["del_complaints"]);
			if($del_complaints == 1)
				$del_complaints = true;
			elseif($del_complaints == 0)
				$del_complaints = false;
				
			$del_sub_categories = (int)$hh->escape($_GET["del_sub_categories"]);
			if($del_sub_categories == 1)
				$del_sub_categories = true;
			elseif($del_sub_categories == 0)
				$del_sub_categories = false;
				
			$hh->del_category($hh->escape($_GET["control2"]), $del_sub_categories, $del_complaints);
			$hh->set_message("success","Seçtiğiniz kategori seçtiğiniz ayarlarla silindi");
			$hh->go("back");
		}
		break;
		
		case "add_category" : 
		if($hh->can_access(1)){
			if(empty($_POST["category_name"]) || $_POST["category_type"] == ""){
				$hh->set_message("error","Boş alan bırakmayınız");
				$hh->go("back");
			}
			elseif(strlen($_POST["category_name"]) > 30){
				$hh->set_message("error","Kategori adı 30 karakterden az olmalıdır");
				$hh->go("back");
			}
			else{
				if(isset($_POST["category_parent"]))
					$parent = (int)$_POST["category_parent"];
				if((int)$_POST["category_type"] == 1)
					$parent = 0;
				$hh->add_category($hh->escape($_POST["category_name"]), (int)$_POST["category_type"], $parent);	
				$hh->set_message("success","Kategori eklendi");
				$hh->go("index.php?page=panel&panel=categories");
			}
		}
		break;
		
		case "update_category" :
		if($hh->can_access(1)){
			if(empty($_POST["category_name"])){
				$hh->set_message("error","Boş alan bırakmayınız");
				$hh->go("back");
			}
			elseif(strlen($_POST["category_name"]) > 30){
				$hh->set_message("error","Kategori adı 30 karakterden az olmalıdır");
				$hh->go("back");
			}
			else{
				if(isset($_POST["category_parent"]))
					$parent = (int)$_POST["category_parent"];		
				else
					$parent = 0;
				$hh->db_update("categories","category_name='".$_POST['category_name']."', parent=$parent", "id=".(int)$hh->escape($_POST["id"]));
				$hh->set_message("success","Kategori bilgileri değiştirildi");
				$hh->go("index.php?page=panel&panel=categories");
			}
		}
		break;
		
		case "block_user" :
		if($hh->can_access(1)){
			$block = $hh->fetch_array($hh->db_get("block","users","id=".(int)$hh->escape($_GET["control2"])));
			$block = $block["block"];
			if($block == 1) $block = 0; elseif($block == 0) $block = 1;
			$hh->db_update("users","block=$block","id=".(int)$hh->escape($_GET["control2"]));
			if($block == 1) $message = "Kullanıcı aktif hale getirildi"; elseif($block == 0) $message = "Kullanıcı engellendi";
			$hh->set_message("success",$message);
			$hh->go("back");
		}
		break;
		
		case "update_user" :
		if($hh->can_access(1)){
			if($_POST["password"] == "No_Pas*swor|d")
				$password_sql = "";
			else
				$password_sql = ",password='".md5($_POST['password'])."'";
			$hh->db_update("users","username='".$_POST['username']."', authority=".$_POST['authority'].$password_sql,"id=".(int)$hh->escape($_POST["id"]));
			$hh->set_message("success","Kullanıcı bilgileri değiştirildi");
			$hh->go("index.php?page=panel&panel=users");
		}
		break;
		
		case "add_user" :
		if($hh->can_access(1)){
			if($_POST["password"] == "" || $_POST["username"] == "" || $_POST["name"] == "" || empty($_POST["authority"])){
				$hh->set_message("error","Bilgileri eksiksiz giriniz");
				$hh->go("back");
			}
			else{
				$hh->db_add("users","null, '".$_POST['username']."', '".md5($_POST['password'])."', '".$_POST['name']."', ".(int)$_POST['authority'].", '', 0, 0, '".$hh->curr_date()."', '".$hh->curr_date()."'");
				$hh->set_message("success","Kullanıcı eklendi");
				$hh->go("index.php?page=panel&panel=users");
			}
		}
		break;
		
		case "configuration" :
		if($hh->can_access(1)){
			$hh->db_update("settings","value=".(int)$_POST["check_complaints"],"id=4");
			$hh->db_update("settings","value=".(int)$_POST["check_comments"],"id=3");
			$hh->db_update("settings","value=".(int)$_POST["check_articles"],"id=7");
			$hh->set_message("success","Site ayarları kaydedildi");
			$hh->go("index.php?page=panel&panel=configuration");
		}
		break;
		
		case "block_complaint" :
		if($hh->can_access(1)){
			$block = $hh->fetch_array($hh->db_get("block","complaints","id=".(int)$hh->escape($_GET["control2"])));
			$block = $block["block"];
			if($block == 1 || $block == 2) $block = 0; elseif($block == 0) $block = 1;
			$hh->db_update("complaints","block=$block","id=".(int)$hh->escape($_GET["control2"]));
			if($block == 1) $message = "Şikayet aktif hale getirildi"; elseif($block == 0) $message = "Şikayet engellendi";
			$hh->set_message("success",$message);
			$hh->go("back");
		}
		break;
		
		case "del_complaint_from_all_complaints" :
		if($hh->can_access(1)){
			$hh->del_complaint((int)$hh->escape($_GET["control2"]));
			$hh->set_message("success","Şikayet silindi");
			$hh->go("back");
		}
		break;
		
	}
	
	
	
?>